Lab 4 has been returned. I ended up combining the robustness (style) and correctness scores, so you can get up to 80% of what you lost for that category (not for the commenting and documentation) by fixing the problems. One important note: you must visit the secure programming clinic if you have not done so yet in order to get the points back.

You can now sign up for lab #3 grading. Each block is 15 minutes long, and each team (not individual!) signs up for a block. Pick a time when all team members can come. If none of the listed times work, please email me to schedule another time.

Lab 2 has been returned. I ended up combining the robustness (style) and correctness scores, so you can get up to 80% of what you lost for that category (not for the commenting and documentation) by fixing the problems. One important note: you must visit the secure programming clinic if you have not done so yet in order to get the points back.

Prof. Ron Rivest (the “R” in “RSA”) will be visiting on Thursday, December 1, and will give a lecture on “Auditability and Verification of Elections”, an area in which he has been working in. I strongly encourage everyone to go. It is in 1131 Kemper Hall at 3:10pm.

The Information Security Office will be hosting a talk by Christopher Thomas, a supervisory special agent in the FBI’s Sacramento Field Office, on “Confronting Cyber Threats: Cybersecurity from the FBI’s Perspective.” The talk is from 12–1 on Wednesday, October 26. This talk is for the university community, so staff, faculty and students are very welcomed. We will provide pizza and water until they run out. As for the other logistics:

Time: We have the room from 12–1. There is a class that ends at 11:50 and one that starts at 1:10, so please be mindful if you show up earlier.

Talk: I will talk for 10 minutes about cybersecurity on campus and how it affects staff, students, and faculty. Special Agent Christopher Thomas will have the next 40 minutes to talk, and then a 10-minute Q&A.

From a friend in Germany who does work in privacy. She is looking for people to participate. You might find it interesting!

Hope this helps,

Matt Bishop

Call for Participation: Web Tracking Study

The digital fingerprint of a browser can be used to recognize users on websites without their knowledge or consent. This technique is called browser fingerprinting and utilizes the unique combination of several browser characteristics.

If you sign up for participation (no account/password required, no technical knowledge needed), you can test over a longer period of time if you leave unique traces when surfing the Web.

Time required is less than 1 minute per week. Moreover, every 4 weeks participants receive a report as PDF file about the duration of their recognition and comparative values to other participants. You can unsubscribe at any time.

We would also highly appreciate if you distribute this call to your private and professional contacts: friends, relatives, students, colleagues, mailing lists, web forums and so on. If you sign up for participation, you can also use our privacy-preserving social media buttons (Facebook, Twitter) with predefined announcement text.
Study details for researchers and other interested people

We are going to release an open data set of fingerprints. Till now, everybody doing research on countermeasures to browser fingerprinting has to collect their own data sets, and this is extremely time-consuming.

Our data set will be especially useful for research, because through our study design we have an unprecedented level of ground truth: We can assign each fingerprint to a particular (of course, anonymized) participant. In all other projects, recurring participants are recognized through cookies, which is quite error-prone, as people delete their cookies.

Moreover, participants voluntarily fill in a small demographic survey (this data will not be released in the open data set), such that we can assess the representativeness of our study for the Internet users worldwide.

You can now sign up for lab #1 grading. Each block is 15 minutes long, and each team (not individual!) signs up for a block. Pick a time when all team members can come. If none of the listed times work, please email me to schedule another time.

[UPDATE: You can now get to the VMs just as before. The error that caused the 403 response has been fixed.]

Folks,

Some people reported problems with the networking on these systems. What is happening is that the VMs were set up to use DHCP to get IP addresses. This works if you're on a network with a DHCP server that will respond, but not otherwise. The solution is to set the IP addresses manually.

You can do this using ifconfig. Or, to make things easy, you can download new versions of the VMs that have the IP addresses pre-configured (they are 10.0.0.4 and 10.0.0.5).